Windows Azure Storage Overview

I am at the Azure Firestarter event in Redmond today and just heard Brad Calder give a quick overview of Azure data. Here are my notes; slides and sample code are to be posted later and I will update the post with them when they are.

Blobs

REST APIs

Can have a lease on the blob - allows for limiting access to the blob (used by drives)

To create a blob…

Use StorageCredentialsAccountAndKey to create the authentication object

Use CloudBlobClient to establish a connection using the authentication object and a URI to the blob store (from the portal)

Use CloudBlobContainer to create/access a container

Use CloudBlob to access/create a blob

Two types of blobs

Block blob - up to 200 GB

Targeted at streaming workloads (e.g. photos, images)

Can update blocks in whatever order (e.g. potentially multiple streams)

Page blob - up to 1 TB

Targeted at random read/write workloads

Used for drives

Pages not stored are effectively initialized to all zeros.

Only charged for pages you actually store.

Can create a 100 GB blob, but write 1 MB to it - only charged for 1 MB of pages.

Page size == 512 bytes

Updates must be 512 byte aligned (up to 4 MB at a time)

Can read from any offset

ClearPages removes the content - not charged for cleared pages.

CDN

Storage account can be enabled for CDN.

Will get back a domain name to access blobs - can register a custom domain name via CDN.

Different from base domain used to access blobs directly - if you use the main storage account URL, will retrieve from blob store not using CDN.

To use CDN

Create a blob

When creating a blob, specify "TTL" - time to live in the CDN in seconds.

Reference the blob using the CDN URL and it will cache it in the nearest CDN store.

Signed URLs (Shared Access Signatures) for Blobs

Can give limited access to blobs without giving out your secret key.

Create a Shared Access Signature (SAS) that gives time-based access to the blob.

Specify start-time and end-time.

Specify the resource granularity (all blobs in a container, or just one blob in the container).

Read/write/delete access permissions.

Give out URL with signature.

Signature is validated against a signed identifier. You can instantaneously revoke access granted by an issued signature by removing the signed identifier.

Can also store time range and permissions with the signed identifier rather than in the URL.

Can change them after issuing the URL, and the signature in the URL is still valid.
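
The signed-identifier behaviour in the notes above, as an added example that is not from the talk or the Azure SDK: a simplified Python model of the service side showing why removing the identifier revokes every issued URL and why editing the stored time range or permissions leaves the signature valid. The string-to-sign layout, the `Container` class, the key and the account/container names are assumptions made for illustration, not the service's wire format.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

# Constructed demo key; a real account key never leaves the issuing service.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-one")

def sign(resource, identifier):
    """HMAC-SHA256 over the fields carried in the URL (simplified string-to-sign)."""
    msg = f"{resource}\n{identifier}".encode()
    mac = hmac.new(base64.b64decode(ACCOUNT_KEY), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

class Container:
    """Service-side model: stored policies keyed by signed identifier."""
    def __init__(self, path):
        self.path = path
        self.policies = {}  # identifier -> (start, expiry, permissions)

    def issue(self, identifier):
        # The URL carries only the identifier; time range and permissions stay in the policy.
        return {"sr": self.path, "si": identifier, "sig": sign(self.path, identifier)}

    def authorize(self, token, op, now):
        if not hmac.compare_digest(sign(token["sr"], token["si"]), token["sig"]):
            return "bad signature"
        policy = self.policies.get(token["si"])
        if policy is None:
            return "revoked"  # identifier removed: every URL naming it stops working
        start, expiry, perms = policy
        if not start <= now <= expiry:
            return "outside time range"
        return "ok" if op in perms else "permission denied"

def demo():
    utc = lambda *a: datetime(*a, tzinfo=timezone.utc)
    c = Container("/demoaccount/photos")
    c.policies["readers"] = (utc(2010, 1, 1), utc(2010, 1, 31), "r")
    token, now = c.issue("readers"), utc(2010, 1, 15)
    out = [c.authorize(token, "r", now), c.authorize(token, "w", now)]
    c.policies["readers"] = (utc(2010, 1, 1), utc(2010, 1, 31), "rw")  # edit after issuing
    out.append(c.authorize(token, "w", now))
    out.append(c.authorize(dict(token, sr="/demoaccount/private"), "r", now))  # tampered
    out.append(c.authorize(token, "r", utc(2010, 2, 1)))  # past expiry
    del c.policies["readers"]  # revoke
    out.append(c.authorize(token, "r", now))
    return out

if __name__ == "__main__":
    print(demo())
```

Because the time range and permissions are not part of the signed string in this model, the policy can be tightened or widened without reissuing URLs, while any change to the resource path invalidates the signature.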